Cybersecurity
Category Added in a WPeMatico Campaign
ASUS routers are affected by three critical remote code execution flaws Pierluigi Paganini September 06, 2023 Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices. ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities that can potentially allow threat actors to […]
Hacker group GhostSec is disclosing the source code for software developed by the Iranian FANAP group, alleging it to be surveillance software used by the Iranian state on its own citizens. The group claims to have cracked FANAP group’s proprietary code, and has analyzed around 26GB of compressed data which it is releasing a file at a […]
In a proof of concept exploit shared on Reddit, a researcher describes how the Linux client of Atlas VPN, specifically the latest version, 1.0.3, has an API endpoint that listens on localhost (127.0.0.1) over port 8076.
Morphisec recently identified a more advanced version of the Chaes malware. Dubbed Chae$ 4, this new variant is specifically designed to target clients of financial and logistics companies located in Latin America. The Chaes malware initially appeared in November 2020, with its primary focus on e-commerce customers in the Latin American region, especially in Brazil. […]
Sep 06, 2023The Hacker NewsSecurity Operations Center (SOC) The role of the CISO keeps taking center stage as a business enabler: CISOs need to navigate the complex landscape of digital threats while fostering innovation and ensuring business continuity. Three CISOs; Troy Wilkinson, CISO at IPG; Rob Geurtsen, former Deputy CISO at Nike; and Tammy Moskites, […]
WithSecure has unveiled a new security vulnerability in Mend.io’s application security platform today, raising concerns about data privacy and potential exploitation. Mend.io, a provider of application security solutions with over 1000 customers, has swiftly addressed the issue. The vulnerability centers on Mend.io’s implementation of the Security Assertion Markup Language (SAML) login option, a standard method […]
Sep 06, 2023THNVulnerability / ICS Nine security flaws have been disclosed in electric power management products made by Schweitzer Engineering Laboratories (SEL). “The most severe of those nine vulnerabilities would allow a threat actor to facilitate remote code execution (RCE) on an engineering workstation,” Nozomi Networks said in a report published last week. The issues, […]
Nine vulnerabilities, including potentially serious flaws, were patched recently in a couple of electric power management products made by Schweitzer Engineering Laboratories (SEL). SEL is a US-based company that provides a wide range of products and services for the electric power sector, including control systems, generator and transmission protection, and distribution automation. Researchers at industrial […]
⚠️ September 5, 2023: This appears to be an ongoing campaign with additional packages published. The package timeline table has been updated to reflect this. Phylum has been extremely busy in the past few weeks, reporting on multiple malware campaigns, including malicious updates to npm packages, malware masquerading as a GCC binary, and a package […]